[PATCH] for Re: OSF_SIA bug in 2.3.0p1

Chris Adams cmadams at hiwaay.net
Thu Mar 29 02:29:46 EST 2001 

Once upon a time, John P Speno <speno at isc.upenn.edu> said:
> Could you test these patches on your Tru64 UNIX 4.x and 5.x systems. They
> implement the above ideas. In short, do_login is skipped when HAVE_OSF_SIA
> is enabled since the things do_login does are also done better in the
> Tru64 SIA routines.
> 
> Also, session_setup_sia will now show /etc/motd if appropriate. I needed a place to
> stick this, and session_setup_sia in auth-sia.c seemed ok at the time. I'm not sure of
> that now. Consider this a first draft for changes:

It looks good, except you don't check for .hushlogin.  I pulled
.hushlogin checking and MOTD printing into separate functions in
session.c (to avoid code duplication).

There is still a problem (maybe someone else can see it): there is a
race condition in displaying the error message back to the user when a
session is not started.  Sometimes you get (when connecting to a locked
account):

$ ssh -l burdell fly
Account is disabled -- see Account Administrator.

Connection to fly closed by remote host.
Connection to fly closed.
$ 

and sometimes you get:

$ ssh -l burdell fly
Connection to fly closed by remote host.
Connection to fly closed.
$ 

The "Account is disabled" line is from the SIA routine sia_ses_estab(),
called in auth-sia.c.  I'm not sure why it is printed some times and not
others.

Here is my current patch.
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.


diff -ur openssh_cvs/session.c openssh/session.c
--- openssh_cvs/session.c	Wed Mar 28 09:10:26 2001
+++ openssh/session.c	Wed Mar 28 10:17:17 2001
@@ -128,9 +128,11 @@
 void	do_exec_no_pty(Session *s, const char *command);
 void	do_login(Session *s, const char *command);
 void	do_child(Session *s, const char *command);
+void	do_motd(void);
 
 void	do_authenticated1(Authctxt *authctxt);
 void	do_authenticated2(Authctxt *authctxt);
+int	check_quietlogin(Session *s, const char *command);
 
 /* import */
 extern ServerOptions options;
@@ -633,8 +635,10 @@
 		close(ttyfd);
 
 		/* record login, etc. similar to login(1) */
+#ifndef HAVE_OSF_SIA
 		if (!(options.use_login && command == NULL))
 			do_login(s, command);
+#endif
 
 		/* Do common processing for the child, such as execing the command. */
 		do_child(s, command);
@@ -692,7 +696,6 @@
 void
 do_login(Session *s, const char *command)
 {
-	FILE *f;
 	char *time_string;
 	char buf[256];
 	char hostname[MAXHOSTNAMELEN];
@@ -739,15 +742,8 @@
 	}
 #endif
 
-	/* Done if .hushlogin exists or a command given. */
-	if (command != NULL)
-		return;
-	snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
-#ifdef HAVE_LOGIN_CAP
-	if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
-#else
-	if (stat(buf, &st) >= 0)
-#endif
+	/* Done if quiet login. */
+	if (check_quietlogin(s, command))
 		return;
 
 #ifdef USE_PAM
@@ -768,6 +764,19 @@
 		else
 			printf("Last login: %s from %s\r\n", time_string, hostname);
 	}
+
+	do_motd();
+}
+
+/*
+ * Display the message of the day.
+ */
+void
+do_motd(void)
+{
+	FILE *f;
+	char buf[256];
+
 	if (options.print_motd) {
 #ifdef HAVE_LOGIN_CAP
 		f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
@@ -1033,7 +1042,7 @@
 	if (options.use_login && command != NULL)
 		options.use_login = 0;
 
-#ifndef USE_PAM /* pam_nologin handles this */
+#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
 	if (!options.use_login) {
 # ifdef HAVE_LOGIN_CAP
 		if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid)
@@ -1051,7 +1060,7 @@
 			exit(254);
 		}
 	}
-#endif /* USE_PAM */
+#endif /* USE_PAM || HAVE_OSF_SIA */
 
 	/* Set login name, uid, gid, and groups. */
 	/* Login(1) does this as well, and it needs uid 0 for the "-h"
@@ -1059,6 +1068,8 @@
 	if (!options.use_login) {
 #ifdef HAVE_OSF_SIA
 		session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty);
+		if (! check_quietlogin(s, command))
+			do_motd();
 #else /* HAVE_OSF_SIA */
 #ifdef HAVE_CYGWIN
 		if (is_winnt) {
@@ -2036,4 +2047,27 @@
 	server_loop2();
 	if (xauthfile)
 		xauthfile_cleanup_proc(NULL);
+}
+
+/*
+ * Check for quiet login, either .hushlogin or command given.
+ */
+int
+check_quietlogin(Session *s, const char *command)
+{
+	char buf[256];
+	struct passwd * pw = s->pw;
+	struct stat st;
+
+	/* Return 1 if .hushlogin exists or a command given. */
+	if (command != NULL)
+		return 1;
+	snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
+#ifdef HAVE_LOGIN_CAP
+	if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
+#else
+	if (stat(buf, &st) >= 0)
+#endif
+		return 1;
+	return 0;
 }

More information about the openssh-unix-dev mailing list